DETAILED ACTION



STATUS OF THE CLAIMS 



1. Claims 38-49 were previously pending as per the previous office action.

2. Claims 38, 40-44, and 46-49 are currently pending. Claims 39 and 45 are canceled.

3. Claims 38, 40-44, and 46-49 are allowed.



EXAMINER'S AMENDMENT 



1. An examiner's amendment to the record appears below. Should the changes and/or additions be
unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure
consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview with Arthur 
Samodovitz (Reg. No. 31,297) on 2/14/12. 

Please amend claims 38 and 44 as follows: 

38. A computer program product for evaluating a security risk of an application, the computer 
program product comprising: 

one or more computer-readable tangible storage devices and program instructions stored on at least one 
of the one or more storage devices, the program instructions comprising; 

program instructions to determine whether employees of two or more customer corporations are 
authorized to concurrently share use of the application; 

program instructions to determine whether a vulnerability in the application can be exploited by a user 
which has not been authenticated to the application; 

program instructions to determine whether there is a requirement for authentication for user access to the 
application; 

program instructions to assign numerical weights to the respective determinations, each of the numerical
weights corresponding to a significance of the respective determination in quantifying the security risk; 

program instructions to combine the numerical weights to quantify the security risk; and 

program instructions to compare the quantification of the security risk based on the combined numerical 
weights to a monetary value of a benefit of the application, and based on the comparison, recommend 
whether to certify the application for use. 

44. A system for evaluating a security risk of an application, the computer system comprising: 

one or more processors, one or more computer-readable memories, one or more computer-readable 
tangible storage devices, and program instructions stored on at least one of the one or more storage 
devices for execution by at least one of the one or more processors via at least one of the one or more 
memories, the program instructions comprising: 

program instructions to determine whether employees of two or more customer corporations are 
authorized to concurrently share use of the application; 

program instructions to determine whether a vulnerability in the application can be exploited by a user 
which has not been authenticated to the application; 

program instructions to determine whether there is a requirement for authentication for user access to the 
application; 

program instructions to assign numerical weights to the respective determinations, each of the numerical 
weights corresponding to a significance of the respective determination in quantifying the security risk; 

program instructions to combine the numerical weights to quantify the security risk; and 

program instructions to compare the quantification of the security risk based on the combined numerical 
weights to a monetary value of a benefit of the application, and based on the comparison, recommend 
whether to certify the application for use. 



Claims 39 and 45 are canceled. 

EXAMINER'S STATEMENT OF REASONS FOR ALLOWANCE

Prior art was found which disclosed: 

A computer program product for evaluating a security risk of an application, the computer program 
product comprising: 

one or more computer-readable tangible storage devices and program instructions stored on at least one 
of the one or more storage devices, the program instructions comprising; 

program instructions to determine whether a vulnerability in the application can be exploited by a user 
which has not been authenticated to the application; 

program instructions to assign numerical weights to the respective determinations, each of the numerical 
weights corresponding to a significance of the respective determination in quantifying the security risk; 

program instructions to combine the numerical weights to quantify the security risk; and 

program instructions to compare the quantification of the security risk based on the combined numerical 
weights to a monetary value of a benefit of the application, and based on the comparison, recommend 
whether to certify the application for use. 

The following is examiner's statement of reasons for allowance: 

The prior art of record does not teach or render obvious the limitations as recited in independent claims 
38 and 44 of the currently amended claims, specific to: 

program instructions to determine whether employees of two or more customer corporations are 
authorized to concurrently share use of the application; and 

program instructions to determine whether there is a requirement for authentication for user access to the 
application; 

The prior art of record teaches combining the numerical weights and quantifying the security risk based
on the combination but the prior art of record is mute in teaching that the numerical weights consist of 
assigning numerical weights based on the determination that the application is concurrently shared as 
well as requiring authentication. 

Claims 40-43 and 46-49 depend on independent claims. Dependent claims are allowable as they depend 
from an allowable independent claim. 

Any comments considered necessary by applicant must be submitted no later than the payment of the 
issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions 
should be clearly labeled "Comments on Statement of Reasons for Allowance". 



POINTS OF CONTACT 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 



Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 



Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 

/Daniel L. Hoang/ 
Examiner, Art Unit 2436 



/Nasser Moazzami/ 

Supervisory Patent Examiner, Art Unit 2436 



